John the Ripper now able to crack office files and use GPUs

 

4 July 2012, 12:38

 

http://h-online.com/-1631901

 

"Version 1.7.9-jumbo-6 of the John the Ripper password cracker sees significant format support enhancements. The open source tool is now able to crack password-protected office documents (Office 2007/2010 and OpenDocument) and Firefox, Thunderbird and SeaMonkey master passwords, as well as WPA-PSK keys and Mac OS X keychains. It can also request to use GPUs via CUDA and OpenCL. The suffix "jumbo" appears to be intended literally – more than 40,000 lines of code have been added in the six months since the previous release.

 

Developer Solar Designer told The H's associates at heise Security that, in developing GPU support, the focus has been on modern functions which can be slow to calculate, such as WPA-PSK and Unix password hashes. For some functions, such as Ubuntu's standard hash function (sha512crypt) and the time-consuming bcrypt, there were, according to the developers, no crackers with GPU support until now, "because others were unhappy about releasing a tool with 'non-impressive' speed numbers, even if this is desirable in practice".

 

In the case of sha512crypt, this means that the GPU on a GeForce GTX 570 graphics card can generate around 11,000 hashes per second – still more than five times faster than on a computer with eight CPU cores. By comparison, for SHA1 hashes, with GPU support this figure would normally be in the millions. For bcrypt, a graphics card just beats an eight-core system by a hair's breadth – in both cases the maximum figure is around 5,000 hashes. The inability of GPUs to realise speed gains with bcrypt is due to the algorithm's design, which is very memory intensive. According to Solar Designer, the developers were primarily concerned with finding out just how slow the bcrypt implementation would be."

 

- http://www.openwall.com/lists/john-users/2012/06/29/1

- http://www.openwall.com/john/

- http://en.wikipedia.org/wiki/OpenDocument

- http://en.wikipedia.org/wiki/Bcrypt

- http://www.reddit.com/r/netsec/comments/vsygc/john_the_ripper_179jumbo6_adds_gpu_support/

- http://www.h-online.com/news/item/Cracking-DES-faster-with-John-the-Ripper-1273585.html

* http://www.h-online.com/security/news/item/John-the-Ripper-now-able-to-crack-office-files-and-use-GPUs-1631901.html

 

crve@h-online.com

Copyright © 2012 Heise Media UK Ltd.

 

##############################################

Sensitive Information Security Sources and Breaches

 

Unauthorized disclosures of secrets are essential for democracy.

 

In response to Wikileaks background inquiries Cryptome offers that there are hundreds of online and offline sources of sensitive information security breaches which preceded Wikileaks beginning about 120 years ago. This outline traces the conflict between technological capabilities for sensitive information breaches and control by law enforcement when technical countermeasures are insufficient -- a few examples among many others worldwide:

 

http://cryptome.org/0002/siss.htm

##############################################

Feds Look to Fight Leaks With ‘Fog of Disinformation’

 

http://cryptogon.com/?p=30257

 

July 4th, 2012

 

Via: Danger Room:

 

http://www.wired.com/dangerroom/2012/07/fog-computing/all/

 

Pentagon-funded researchers have come up with a new plan for busting leakers: Spot them by how they search, and then entice the secret-spillers with decoy documents that will give them away.

 

Computer scientists call it it “Fog Computing” — a play on today’s cloud computing craze. And in a recent paper for Darpa, the Pentagon’s premiere research arm, researchers say they’ve built “a prototype for automatically generating and distributing believable misinformation … and then tracking access and attempted misuse of it. We call this ‘disinformation technology.’”

############################################

Three NSA Whistleblowers Back EFF’s Lawsuit Over Government’s Massive Spying Program

 

http://cryptogon.com/?p=30266

 

July 5th, 2012

 

Via: Electronic Frontier Foundation:

 

https://www.eff.org/press/releases/three-nsa-whistleblowers-back-effs-lawsuit-over-governments-massive-spying-program

 

"San Francisco – Three whistleblowers – all former employees of the National Security Agency (NSA) – have come forward to give evidence in the Electronic Frontier Foundation’s (EFF’s) lawsuit against the government’s illegal mass surveillance program, Jewel v. NSA.

 

In a motion filed today, the three former intelligence analysts confirm that the NSA has, or is in the process of obtaining, the capability to seize and store most electronic communications passing through its U.S. intercept centers, such as the “secret room” at the AT&T facility in San Francisco first disclosed by retired AT&T technician Mark Klein in early 2006.

 

“For years, government lawyers have been arguing that our case is too secret for the courts to consider, despite the mounting confirmation of widespread mass illegal surveillance of ordinary people,” said EFF Legal Director Cindy Cohn. “Now we have three former NSA officials confirming the basic facts. Neither the Constitution nor federal law allow the government to collect massive amounts of communications and data of innocent Americans and fish around in it in case it might find something interesting. This kind of power is too easily abused. We’re extremely pleased that more whistleblowers have come forward to help end this massive spying program.”

 

The three former NSA employees with declarations in EFF’s brief are William E. Binney, Thomas A. Drake, and J. Kirk Wiebe. All were targets of a federal investigation into leaks to the New York Times that sparked the initial news coverage about the warrantless wiretapping program. Binney and Wiebe were formally cleared of charges and Drake had those charges against him dropped."

#####################################################

Swarms of Maple Seed Drones (Lockheed Martin)

 

July 6th, 2012

 

http://cryptogon.com/?p=30277

 

Via: Talking Points Memo:

 

http://idealab.talkingpointsmemo.com/2012/07/maple-seed-drones-will-swarm-the-future.php

 

Imagine a cheap, tiny, hovering aerial drone capable of being launched with the flick of a person’s wrist and able to provide manipulable 360-degree surveillance views.

 

It’s real, it’s inspired by maple seeds, and the company behind it, Lockheed Martin, envisions a future in which swarms of the new drones can be deployed at a fraction of the cost and with greater capabilities than drones being used today by the military and other agencies.

 

“Think about dropping a thousand of these out of an aircraft,” said Bill Borgia, head of Lockheed Martin’s Intelligent Robotics Lab, in a phone interview with TPM, “Think about the wide area over which one collect imagery. Instead of sending one or two expensive, highly valuable aircraft like we do today, you could send thousands of these inexpensive aircraft, and they are almost expendable.”

 

- IMAGE: http://talkingpointsmemo.com/assets_c/2012/07/samarai-drone-lockheed-martin-cropped-proto-custom_28.jpg

 

"In June, Lockheed Martin released a video demo of the drone’s capabilities, and it is clearly impressive, launched by hand and piloted using a tablet computer, which also displays the drone’s live surveillance feed."

- VIDEO DEMO: http://youtu.be/n_q_DD_4LNg

#######################################